* To block `jumpcloud.com` or not.
From: Adam G @ 2026-03-10 11:38 UTC
To: dbl
Hi all,
I've moved this discussion about jumpcloud.com from the forum to the correct place.
This domain was specifically added to the upstream list “mtxadmin - Malware Remote”, which covers remote administration tools. These can potentially be used as Command & Control (C&C) domains by malware and people with bad intentions.
In Tim’s case it’s blocking devices on his guest network. Most people will never need this domain, so I think it should stay blocked by default and be added to personal whitelists where required.
If we remove this one, we should remove the entire upstream list too for consistency.
Thanks,
Adam
* Re: To block `jumpcloud.com` or not.
From: Tim Zakharov @ 2026-03-10 12:07 UTC
To: Adam G; +Cc: dbl
Here is my dilemma. First, there is no way to whitelist this specific rule as it is currently set up in the IPFire DBL IPS ruleset. Second, the software itself is not coded with malicious intent. It is legitimate commercial software. One could potentially find ways of maliciously using many other legit software packages. Would we then have to categorize each of them as malware? There is a difference between malware and malicious actors that needs to be part of this conversation.
On Tuesday, March 10th, 2026 at 6:38 AM, Adam G <ag@ipfire.org> wrote:
> Hi all,
>
> I've moved this discussion about jumpcloud.com from the forum to the correct place.
>
> This domain was specifically added to the upstream list “mtxadmin - Malware Remote”, which covers remote administration tools. These can potentially be used as Command & Control (C&C) domains by malware and people with bad intentions.
>
> In Tim’s case it’s blocking devices on his guest network. Most people will never need this domain, so I think it should stay blocked by default and be added to personal whitelists where required.
>
> If we remove this one, we should remove the entire upstream list too for consistency.
>
> Thanks,
> Adam
* Re: To block `jumpcloud.com` or not.
From: Tim Zakharov @ 2026-03-10 12:15 UTC
To: Adam G; +Cc: dbl
I just noticed that secure.logmein.com is also categorized as malware. Do we know what others may be on this list? TeamViewer? RustDesk?
On Tuesday, March 10th, 2026 at 7:07 AM, Tim Zakharov <tzakharov@protonmail.com> wrote:
> Here is my dilemma. First, there is no way to whitelist this specific rule as it is currently set up in the IPFire DBL IPS ruleset. Second, the software itself is not coded with malicious intent. It is legitimate commercial software. One could potentially find ways of maliciously using many other legit software packages. Would we then have to categorize each of them as malware? There is a difference between malware and malicious actors that needs to be part of this conversation.
>
> On Tuesday, March 10th, 2026 at 6:38 AM, Adam G <ag@ipfire.org> wrote:
>
>> Hi all,
>>
>> I've moved this discussion about jumpcloud.com from the forum to the correct place.
>>
>> This domain was specifically added to the upstream list “mtxadmin - Malware Remote”, which covers remote administration tools. These can potentially be used as Command & Control (C&C) domains by malware and people with bad intentions.
>>
>> In Tim’s case it’s blocking devices on his guest network. Most people will never need this domain, so I think it should stay blocked by default and be added to personal whitelists where required.
>>
>> If we remove this one, we should remove the entire upstream list too for consistency.
>>
>> Thanks,
>> Adam
* Re: To block `jumpcloud.com` or not.
From: Michael Tremer @ 2026-03-10 14:37 UTC
To: Tim Zakharov; +Cc: Adam G, dbl
Hello,
None of this is malware. The upstream list is garbage for our use-case and I have removed it.
-Michael
> On 10 Mar 2026, at 12:15, Tim Zakharov <tzakharov@protonmail.com> wrote:
>
> I just noticed that secure.logmein.com is also categorized as malware. Do we know what others may be on this list? TeamViewer? RustDesk?
>
> On Tuesday, March 10th, 2026 at 7:07 AM, Tim Zakharov <tzakharov@protonmail.com> wrote:
>> Here is my dilemma. First, there is no way to whitelist this specific rule as it is currently set up in the IPFire DBL IPS ruleset. Second, the software itself is not coded with malicious intent. It is legitimate commercial software. One could potentially find ways of maliciously using many other legit software packages. Would we then have to categorize each of them as malware? There is a difference between malware and malicious actors that needs to be part of this conversation.
>>
>> On Tuesday, March 10th, 2026 at 6:38 AM, Adam G <ag@ipfire.org> wrote:
>>> Hi all,
>>>
>>> I've moved this discussion about jumpcloud.com from the forum to the correct place.
>>>
>>> This domain was specifically added to the upstream list “mtxadmin - Malware Remote”, which covers remote administration tools. These can potentially be used as Command & Control (C&C) domains by malware and people with bad intentions.
>>>
>>> In Tim’s case it’s blocking devices on his guest network. Most people will never need this domain, so I think it should stay blocked by default and be added to personal whitelists where required.
>>>
>>> If we remove this one, we should remove the entire upstream list too for consistency.
>>>
>>> Thanks,
>>> Adam
>>
>